Extra Flashcards

1
Q

Risk Control - Directive control vs Preventive control vs Detective control vs Corrective control

A

Directive – controls to ensure a particular aim is realised

Preventive – measures to stop a risk happening or an unwanted outcome arising

Detective – after-the-event measures to identify that an incident has happened

Corrective – measures to limit scope for loss and reduce any undesirable outcomes that have come about once the loss or damage has materialised

2
Q

What is an insurance derivative

A

Part of alternative risk transfer

Insurance derivatives are a development of this concept. They are a contract to pay an agreed amount of money once a certain level of loss incident is reached. Often that level of loss is not one just within the organisation but a level dictated by an external agency.

3
Q

What is comparative information

A

measured or judged by estimating the similarity or dissimilarity between one thing and another; relative

The amounts and disclosures included in the financial statements in respect of one or more prior periods in accordance with the applicable financial reporting framework.

A comparative statement is a document used to compare a particular financial statement with prior period statements. Previous financials are presented alongside the latest figures in side-by-side columns, enabling investors to identify trends, track a company’s progress and compare it with industry rivals.

4
Q

What is COSO

A

The COSO framework classifies internal control objectives into three groups: operations, information, and compliance. Operational objectives include performance measures and safeguarding the organization’s assets against fraud. They focus on the effectiveness and efficiency of business transactions.

Sarbanes-Oxley corporate governance legislation

6
Q

What were the provisions of the Sarbanes-Oxley (SOX) Corporate Governance Legislation?

A

Part of Corporate Governance

The Sarbanes-Oxley Act of 2002 was passed by Congress in response to widespread corporate fraud and failures. The act implemented new rules for corporations, such as setting new auditor standards to reduce conflicts of interest and transferring responsibility for the complete and accurate handling of financial reports.

7
Q

ISO 31000

A

ISO 31000, Risk management – Guidelines, provides principles, a framework and a process for managing risk. It can be used by any organisation regardless of its size, activity or sector.

Benefits – increase stakeholder confidence in your risk management techniques; strengthen operational controls, including mandatory and voluntary reporting; improve your business performance, crisis management and organisational resilience.

8
Q

Business Continuity Management

A

Business continuity may be defined as “the capability of an organization to continue the delivery of products or services at pre-defined acceptable levels following a disruptive incident”.

9
Q

When does the concept of measuring risk date from?

A

17th century; Fermat and Pascal

10
Q

What is the BASEL I accord?

A

A system to regulate banks by controlling their capital reserves.

Upgraded to BASEL II/III with the introduction of more capital calculation rules and capital controls.

11
Q

What is the Sarbanes-Oxley Act 2002?

A

The USA’s governance and financial reporting regulations, imposed on all companies listed on the NYSE.

12
Q

What is a dread risk?

A

Risks over which people feel they have little control and which have dreadful consequences, e.g. nuclear accidents.

13
Q

What are the components of Renn and Rohrmann’s structured framework?

A

Level 1 – Common sense (collective reasoning strategies)

Level 2 – Emotional (knowledge of risk)

Level 3 – Media influence (social, economic and political culture)

Level 4 – Cultural influences (personal identity and views)

14
Q

What is a strategic risk?

A

Associated with the vision, mission and long-term objectives.

15
Q

What is failure to abide by GDPR an example of?

A

Operational risk

16
Q

Who does GDPR apply to?

A

Controllers (determine how and why data is processed) and processors (process the data).

17
Q

What is systematic risk

A

(Market risk); the risk of losses in trading positions due to movements of market prices

18
Q

What is a business risk

A

The probability of loss inherent in an organisation’s operations and environment.

19
Q

What type of information helps us to make informed decisions and avoid unnecessary risks?

A

Comparative information

20
Q

When did modern risk management ideas originate?

A

Middle 20th century

21
Q

What is an insurance risk

A

Insurance risk associated with any one insurance contract is twofold; uncertainty that an insured event will occur, and uncertainty of the amount of any resulting claim.

For example, with life-related products, which are long-term contracts with individual policyholders provided by an appropriate insurer, there are inherent risks relating to mortality, morbidity or expenses variances.

22
Q

ERM

A

The structure an organisation sets up to control risk management across the whole of its organisation is known as enterprise risk management (ERM).

23
Q

Relationship between audit and risk management

A

According to the Institute of Internal Auditors (IIA) in its performance standards, the aim of internal audit is to evaluate and contribute to the improvement of governance, risk management and control processes using a systematic and disciplined approach.

24
Q

Relationship between compliance and risk management

A

Organisations whose existence depends on compliance with appropriate laws and regulations often create a separate compliance function specifically to identify and control threats that might lead to breaches of compliance.

25
Q

Risk management vs compliance vs audit

A

Compliance activities are a subset of both audit and risk management activities, concentrating on a limited number of specific, but important risks.

26
Q

Risk aware culture

A

Every organisation has its own way of doing things. If you become involved with several organisations you will immediately notice differences in the way people behave, in the attitudes of management and staff and the general approach to business performance achievement. Two similar hotels, for example, can have radically different standards of guest service even though their business objectives are ostensibly the same.

27
Q

Risk maturity

A

Generally speaking, organisations with effective risk management processes can expect fewer unexpected losses and better selection of future opportunities. The more risk management principles become embedded in organisational culture, the more effective the processes are, leading to greater expected gains.

5 levels:
1 – initial
2 – uncoordinated
3 – intermediate
4 – coordinated
5 – strategic

28
Q

What is an internal fund

A

In large organisations, directors may decide to establish a designated fund from which subsidiaries and other units can claim to recover unexpected losses. This is known as an internal fund.

29
Q

Self-insurance programmes

A

Internal fund

Captive insurer

Reinsurance

30
Q

Alternative risk transfer

A

The terms ‘Alternative Risk Transfer (ART)’ and ‘non-traditional risk transfer’ are used loosely to embrace a range of instruments that enable an organisation to transfer financial risk to a professional risk carrier, other than by way of an insurance contract.

Insurance derivatives – a contract to pay an agreed amount of money once a certain level of loss incident is reached. Often that level of loss is not one just within the organisation but a level dictated by an external agency.

Catastrophe bonds – catastrophe (cat) bonds, in their simplest form, are investment bonds that provide a return to investors based on insurance-type events rather than financial market developments.

Loans

‘Put options’ – organisations can buy a ‘put option’ from a financial institution. The option, or a contracted right to act, will become effective following certain specified events, such as a catastrophic loss. The damaged organisation can then use the contracted right to sell a pre-agreed level and type of equity to the financial organisation that provided the option.

31
Q

Catastrophe bonds

A

Part of alternative risk transfer

Catastrophe (cat) bonds, in their simplest form, are investment bonds that provide a return to investors based on insurance-type events rather than financial market developments. One way in which they are valuable to the large investor is that they can spread the risk of their portfolios beyond the capital markets into an additional market of insurance events, mainly catastrophes. Periods are usually from three to five years and they make payments on the occurrence of one event or two events happening during that period.

32
Q

‘Put options’

A

Part of alternative risk transfer

Organisations can buy a ‘put option’ from a financial institution. The option, or a contracted right to act, will become effective following certain specified events, such as a catastrophic loss. The damaged organisation can then use the contracted right to sell a pre-agreed level and type of equity to the financial organisation that provided the option. The equity to be sold could take the form of non-voting preference shares and thus not affect balance sheet values.

33
Q

Risk financing plan

A

The way a company finances its risks.

We have seen that the risk professional of a large organisation has a wide range of options available to finance the risks their organisation is facing. Making the right choice is a case of matching precise needs with available options. Risk financing plans will have board approval and will be constructed to:

34
Q

Risk management standards bodies

A

ISO 31000

FERMA

AIRMIC, Alarm, IRM:2010

COSO

35
Q

ISO 31000 areas

A

Split into 3 risk management areas:
- principles
- frameworks
- process

36
Q

FERMA

A

The Federation of European Risk Management Associations (FERMA) published a European standard in 2003 that was based on the UK standard at that time, known as AIRMIC, Alarm, IRM: 2002. AIRMIC (Association of Insurance and Risk Managers), Alarm (the National Forum for Risk Management in the Public Sector) and the IRM (Institute of Risk Management) are the three main professional risk management organisations in the UK.

37
Q

AIRMIC, Alarm, IRM: 2010

A

Following the publication of ISO 31000, a new document, A Structured Approach to Enterprise Risk Management (ERM) and the Requirements of ISO 31000, was produced to provide a practical guide for organisations wanting to implement comprehensive risk management systems to the latest best practice recommendations and standards. This guide was first published in 2010 and provides a structured approach to implementing risk management in the context of the new ISO standard.

38
Q

COSO

A

The Committee of Sponsoring Organizations of the Treadway Commission (COSO) is a joint initiative of five private sector audit and accounting organisations in the USA. It provides thought leadership through the development of frameworks and guidance on ERM, internal control and fraud deterrence.